Starting to mess with it, this basically works for Google

2024-10-04 00:48:04 -07:00 · 2024-10-04 00:48:04 -07:00 · 9cef15313e
commit 9cef15313e
parent 95d1abd416
6 changed files with 121 additions and 1 deletions
--- a/src-ui/src/app/components/manage/mail/mail.component.html
+++ b/src-ui/src/app/components/manage/mail/mail.component.html
@ -13,6 +13,7 @@
    <button type="button" class="btn btn-sm btn-outline-primary ms-4" (click)="editMailAccount()" *pngxIfPermissions="{ action: PermissionAction.Add, type: PermissionType.MailAccount }">
      <i-bs name="plus-circle"></i-bs>&nbsp;<ng-container i18n>Add Account</ng-container>
    </button>
+    <a class="btn btn-sm btn-outline-primary ms-2" [href]="googleOAuthUrl" target="_blank" i18n>Connect with Google</a>
  </h4>
  <ul class="list-group">
    <li class="list-group-item">
--- a/src-ui/src/app/components/manage/mail/mail.component.ts
+++ b/src-ui/src/app/components/manage/mail/mail.component.ts
@ -18,6 +18,9 @@ import { MailAccountEditDialogComponent } from '../../common/edit-dialog/mail-ac
 import { MailRuleEditDialogComponent } from '../../common/edit-dialog/mail-rule-edit-dialog/mail-rule-edit-dialog.component'
 import { PermissionsDialogComponent } from '../../common/permissions-dialog/permissions-dialog.component'
 import { ComponentWithPermissions } from '../../with-permissions/with-permissions.component'
+import { SettingsService } from 'src/app/services/settings.service'
+import { SETTINGS_KEYS } from 'src/app/data/ui-settings'
+import { ActivatedRoute } from '@angular/router'

@Component({
  selector: 'pngx-mail',
@ -32,13 +35,20 @@ export class MailComponent
  mailRules: MailRule[] = []

  unsubscribeNotifier: Subject<any> = new Subject()
+  oAuthAccoundId: number
+
+  public get googleOAuthUrl(): string {
+    return this.settingsService.get(SETTINGS_KEYS.GOOGLE_OAUTH_URL)
+  }

  constructor(
    public mailAccountService: MailAccountService,
    public mailRuleService: MailRuleService,
    private toastService: ToastService,
    private modalService: NgbModal,
-    public permissionsService: PermissionsService
+    public permissionsService: PermissionsService,
+    private settingsService: SettingsService,
+    private route: ActivatedRoute
  ) {
    super()
  }
@ -50,6 +60,13 @@ export class MailComponent
      .subscribe({
        next: (r) => {
          this.mailAccounts = r.results
+          if (this.oAuthAccoundId) {
+            this.editMailAccount(
+              this.mailAccounts.find(
+                (account) => account.id === this.oAuthAccoundId
+              )
+            )
+          }
        },
        error: (e) => {
          this.toastService.showError(
@ -70,6 +87,19 @@ export class MailComponent
          this.toastService.showError($localize`Error retrieving mail rules`, e)
        },
      })
+
+    this.route.queryParamMap.subscribe((params) => {
+      if (params.get('oauth_success')) {
+        this.oAuthAccoundId = parseInt(params.get('account_id'))
+        if (this.mailAccounts.length > 0) {
+          this.editMailAccount(
+            this.mailAccounts.find(
+              (account) => account.id === this.oAuthAccoundId
+            )
+          )
+        }
+      }
+    })
  }

  ngOnDestroy() {
--- a/src-ui/src/app/data/ui-settings.ts
+++ b/src-ui/src/app/data/ui-settings.ts
@ -64,6 +64,7 @@ export const SETTINGS_KEYS = {
  SEARCH_DB_ONLY: 'general-settings:search:db-only',
  SEARCH_FULL_TYPE: 'general-settings:search:more-link',
  EMPTY_TRASH_DELAY: 'trash_delay',
+  GOOGLE_OAUTH_URL: 'google_oauth_url',
 }

 export const SETTINGS: UiSetting[] = [
@ -242,4 +243,9 @@ export const SETTINGS: UiSetting[] = [
    type: 'number',
    default: 30,
  },
+  {
+    key: SETTINGS_KEYS.GOOGLE_OAUTH_URL,
+    type: 'string',
+    default: '',
+  },
 ]
--- a/src/documents/views.py
+++ b/src/documents/views.py
@ -14,6 +14,7 @@ from unicodedata import normalize
 from urllib.parse import quote
 from urllib.parse import urlparse

+import httpx
 import pathvalidate
 from django.apps import apps
 from django.conf import settings
@ -1554,6 +1555,16 @@ class UiSettingsView(GenericAPIView):
    permission_classes = (IsAuthenticated, PaperlessObjectPermissions)
    serializer_class = UiSettingsViewSerializer

+    def generate_google_oauth_url(self) -> str:
+        token_request_uri = "https://accounts.google.com/o/oauth2/auth"
+        response_type = "code"
+        client_id = settings.GOOGLE_OAUTH_CLIENT_ID
+        redirect_uri = "http://localhost:8000/api/oauth/google/callback/"
+        scope = "https://mail.google.com/"
+        access_type = "offline"
+        url = f"{token_request_uri}?response_type={response_type}&client_id={client_id}&redirect_uri={redirect_uri}&scope={scope}&access_type={access_type}"
+        return url
+
    def get(self, request, format=None):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
@ -1584,6 +1595,9 @@ class UiSettingsView(GenericAPIView):

        ui_settings["auditlog_enabled"] = settings.AUDIT_LOG_ENABLED

+        if settings.GOOGLE_OAUTH_ENABLED:
+            ui_settings["google_oauth_url"] = self.generate_google_oauth_url()
+
        user_resp = {
            "id": user.id,
            "username": user.username,
@ -2129,3 +2143,58 @@ class TrashView(ListModelMixin, PassUserMixin):
                doc_ids = [doc.id for doc in docs]
            empty_trash(doc_ids=doc_ids)
        return Response({"result": "OK", "doc_ids": doc_ids})
+
+
+# Outlook https://stackoverflow.com/questions/73902642/office-365-imap-authentication-via-oauth2-and-python-msal-library
+class GoogleOauthCallbackView(GenericAPIView):
+    # permission_classes = (AllowAny,)
+
+    def get(self, request, format=None):
+        # Guide: https://postmansmtp.com/how-to-configure-post-smtp-with-gmailgsuite-using-oauth/
+        # http://localhost:4200/api/oauth/google/callback?code=4%2F0AQlEd8yxIwqjz95p82tWMq4ogn4KxRdprtjjGqjEHW4x7X1roEgswzn9EfiAit1cOLfSog&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&hd=michaelshamoon.com&prompt=consent
+        code = request.query_params.get("code")
+        if code is None:
+            return HttpResponseBadRequest("Code required")
+
+        token_request_uri = "https://accounts.google.com/o/oauth2/token"
+        client_id = settings.GOOGLE_OAUTH_CLIENT_ID
+        client_secret = settings.GOOGLE_OAUTH_CLIENT_SECRET
+        redirect_uri = "http://localhost:8000/api/oauth/google/callback/"
+        grant_type = "authorization_code"
+        scope = "https://mail.google.com/"
+        url = f"{token_request_uri}"
+        data = {
+            "code": code,
+            "client_id": client_id,
+            "client_secret": client_secret,
+            "redirect_uri": redirect_uri,
+            "grant_type": grant_type,
+            "scope": scope,
+        }
+        headers = {
+            "Content-Type": "application/x-www-form-urlencoded",
+        }
+        response = httpx.post(url, data=data, headers=headers)
+        data = response.json()
+        if "error" in data:
+            return HttpResponseBadRequest(data["error"])
+        elif "access_token" in data:
+            access_token = data["access_token"]
+            # if "refresh_token" in data:
+            #     refresh_token = data["refresh_token"]
+            # expires_in = data["expires_in"]
+            account, _ = MailAccount.objects.update_or_create(
+                password=access_token,
+                is_token=True,
+                imap_server="imap.gmail.com",
+                defaults={
+                    "name": f"Gmail {datetime.now()}",
+                    "username": "",
+                    "imap_security": MailAccount.ImapSecurity.SSL,
+                    "imap_port": 993,
+                },
+            )
+
+        return HttpResponseRedirect(
+            f"http://localhost:4200/mail?oauth_success=1&account_id={account.pk}",
+        )
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@ -1195,3 +1195,11 @@ EMAIL_ENABLE_GPG_DECRYPTOR: Final[bool] = __get_boolean(
 # Soft Delete                                                                 #
 ###############################################################################
 EMPTY_TRASH_DELAY = max(__get_int("PAPERLESS_EMPTY_TRASH_DELAY", 30), 1)
+
+
+###############################################################################
+# Oauth Email Providers                                                      #
+###############################################################################
+GOOGLE_OAUTH_CLIENT_ID = os.getenv("PAPERLESS_GOOGLE_OAUTH_CLIENT_ID")
+GOOGLE_OAUTH_CLIENT_SECRET = os.getenv("PAPERLESS_GOOGLE_OAUTH_CLIENT_SECRET")
+GOOGLE_OAUTH_ENABLED = bool(GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET)
--- a/src/paperless/urls.py
+++ b/src/paperless/urls.py
@ -22,6 +22,7 @@ from documents.views import CorrespondentViewSet
 from documents.views import CustomFieldViewSet
 from documents.views import DocumentTypeViewSet
 from documents.views import GlobalSearchView
+from documents.views import GoogleOauthCallbackView
 from documents.views import IndexView
 from documents.views import LogViewSet
 from documents.views import PostDocumentView
@ -165,6 +166,11 @@ urlpatterns = [
                    TrashView.as_view(),
                    name="trash",
                ),
+                re_path(
+                    r"^oauth/google/callback/",
+                    GoogleOauthCallbackView.as_view(),
+                    name="google_oauth_callback",
+                ),
                *api_router.urls,
            ],
        ),